resteasy-reactive Interceptors don't get executed after Authorization failure #32049
Comments
|
/cc @FroMage (resteasy-reactive), @Sgitario (resteasy-reactive), @geoand (resteasy-reactive), @stuartwdouglas (resteasy-reactive) |
|
@michalvavrik is this something you are aware of? Is it expected? |
Yes @geoand , it's expected, it (peforming security checks by |
|
Not sure where to document it, maybe migration page? |
|
Why not add it to RESTEasy Reactive reference doc? |
|
Sure. I'm terribly busy this week. Unless you want to do it, I'll do it next week. @javanegmond is doc reference I provided and hint |
No problem at all |
While I think that will work (will have to try later), I don't think it's a good solution. |
I hear you, but authentication checks should always run first and running CDI interceptors defined by users after failed checks seems wrong to me. There should be better way to provide logging so that user logging don't have to differ between auth failure/successful request. |
For auditibility, we are required to log some details (other than the endpoint, which I assume we can just enable some logging for) about the resource being called, regardless of failed auth, how else would you propose to do this than an interceptor? I do hear you as well; especially auth checks should always run first. Deserialization of input should probably also not happen if auth checks fail. This creates a bit of a conundrum I guess. |
I'd expect to have one way to log things, but I'm pretty sure this is not related to the security. There can be exception during serialization or thrown by any other filter/handler and you won't have these logged by your interceptor either. It's much more general problem. I suggest you discuss it on Zulip with developers or open issue as I won't be very helpful here.
You can't access invoked method from there, you can work with request info as uri, query params and security identity. I think when there is sent challenge into your custom auth mechanism, you can get user from
Yep. |
I just had some time to toy around with a vertx failure handler. Added a failure handler like in the example given in the documentation that was linked. I used the previously provided reproducer as a base. While I observe the init being called, the handler implementation ever gets called in this example. Besides that, even if it does get called, I didn't immediately see a way to obtain the resource method from the RouteContext. I would like to clarify that this all regards an authorization failure, not an authentication failure. Since the authorization is 'configured' (for lack of a better term) via the @RolesAllowed annotation, the resource method is most definitely determinable. I feel like there should be a way to act on it, even if not calling the actual resource method (and not deserializing the request etc). I have found a workaround that will likely be acceptable for our usecase, using a ContainerResponseFilter. It's not ideal: In the case of successful execution I would prefer the intended logging to happen before any logging in the business method. But alas, we take what we can get and using trace/spanIds we can correlate the logging regardless. I fail to see your intent with the reply of just a support URL. |
You can't access resource method from
Yes and no. You will need to write extra code that Quarkus currently don't contain to match annotation instance over resource method with request match as we don't create separate security check for each instance (I mean, you can use I feel like ^^ is not helpful for you, but you should be able to uniquely identify resource method based on path, so that's all currently Quarkus offer.
You opened this issue for authorization issue, but logging failures before CDI interceptors run concerns more than authorization security check failure as I tried to establish above - if incorrect JSON object can't be deserialized, your interceptor won't catch it, but for audibility you will want to know it, won't you? I said in the comment above that I'm not right person to offer opinion and proposed you discuss it with developers. Then realized you might not know what I meant and provided the URL. |
Let's push it somewhere and I'll check, thanks. |
reactive-interceptor-with-failure-handler.zip
Copy. I hadn't really thought about what would happen with deserialization failures, but that does sound about right. This suggests to me that my workaround using a ResponseFilter is the most feasible solution for the time being.
I feel like this goes a bit beyond the context of this issue maybe, but how do you want to do just one check if In any case, I feel like it would be great to document this difference in behavior of quarkus-resteasy and quarkus-resteasy-reactive. After this whole interaction I do think that the resteasy-reactive behavior is the "more correct" implementation. |
I see, the docs URL I provided document authentication failures with proactive authentication, when authorization check you force by
I just meant that we simply don't keep the information about resource methods for which the roles allowed security check is performed as the same class instance is used to secure multiple resource methods (if they use same annotation value).
Sure, the docs need to be improved. Will do it next week (or week after that, busy :-)). |
glad it works for you |
This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.220.0` -> `^0.222.0`](https://renovatebot.com/diffs/npm/flow-bin/0.220.0/0.222.0) | | [org.postgresql:postgresql](https://jdbc.postgresql.org) ([source](https://github.com/pgjdbc/pgjdbc)) | build | minor | `42.6.0` -> `42.7.0` | | [org.liquibase.ext:liquibase-hibernate5](https://github.com/liquibase/liquibase-hibernate/wiki) ([source](https://github.com/liquibase/liquibase-hibernate)) | build | minor | `4.24.0` -> `4.25.0` | | [org.liquibase:liquibase-maven-plugin](http://www.liquibase.org/liquibase-maven-plugin) ([source](https://github.com/liquibase/liquibase)) | build | minor | `4.24.0` -> `4.25.0` | | [org.jsoup:jsoup](https://jsoup.org/) ([source](https://github.com/jhy/jsoup)) | compile | minor | `1.16.2` -> `1.17.1` | | [io.hypersistence:hypersistence-utils-hibernate-62](https://github.com/vladmihalcea/hypersistence-utils) | compile | patch | `3.6.0` -> `3.6.1` | | [org.hibernate.orm:hibernate-envers](https://hibernate.org/orm) ([source](https://github.com/hibernate/hibernate-orm)) | build | minor | `6.3.1.Final` -> `6.4.0.Final` | | [org.hibernate.orm:hibernate-core](https://hibernate.org/orm) ([source](https://github.com/hibernate/hibernate-orm)) | build | minor | `6.3.1.Final` -> `6.4.0.Final` | | [com.blazebit:blaze-persistence-bom](https://persistence.blazebit.com) ([source](https://github.com/Blazebit/blaze-persistence)) | import | patch | `1.6.9` -> `1.6.10` | | [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | build | minor | `2.40.0` -> `2.41.0` | | [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.5.1` -> `3.6.0` | | [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | patch | `3.5.1` -> `3.5.3` | --- ### Release Notes <details> <summary>flowtype/flow-bin</summary> ### [`v0.222.0`](flow/flow-bin@543cad7...84a68f1) [Compare Source](flow/flow-bin@543cad7...84a68f1) ### [`v0.221.0`](flow/flow-bin@e8b3a2e...543cad7) [Compare Source](flow/flow-bin@e8b3a2e...543cad7) ### [`v0.220.1`](flow/flow-bin@030bfc6...e8b3a2e) [Compare Source](flow/flow-bin@030bfc6...e8b3a2e) </details> <details> <summary>pgjdbc/pgjdbc</summary> ### [`v42.7.0`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#​4270-2023-11-20-093300--0500) ##### Changed - fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to `java.desktop` module. [MR #​2967](pgjdbc/pgjdbc#2967) - feat: return all catalogs for getCatalogs metadata query closes [ISSUE #​2949](pgjdbc/pgjdbc#2949) [MR #​2953](pgjdbc/pgjdbc#2953) - feat: support SET statements combining with other queries with semicolon in PreparedStatement [MR ##​2973](pgjdbc/pgjdbc#2973) ##### Fixed - chore: add styleCheck Gradle task to report style violations [MR #​2980](pgjdbc/pgjdbc#2980) - fix: Include currentXid in "Error rolling back prepared transaction" exception message [MR #​2978](pgjdbc/pgjdbc#2978) - fix: add varbit as a basic type inside the TypeInfoCache [MR #​2960](pgjdbc/pgjdbc#2960) - fix: Fix failing tests for version 16. [MR #​2962](pgjdbc/pgjdbc#2962) - fix: allow setting arrays with ANSI type name [MR #​2952](pgjdbc/pgjdbc#2952) - feat: Use KeepAlive to confirm LSNs [MR #​2941](pgjdbc/pgjdbc#2941) - fix: put double ' around log parameter [MR #​2936](pgjdbc/pgjdbc#2936) fixes [ISSUE #​2935](pgjdbc/pgjdbc#2935) - fix: Fix Issue [#​2928](pgjdbc/pgjdbc#2928) number of ports not equal to number of servers in datasource [MR #​2929](pgjdbc/pgjdbc#2929) - fix: Use canonical DateStyle name ([#​2925](pgjdbc/pgjdbc#2925)) fixes [pgbouncer issue](pgbouncer/pgbouncer#776) - fix: Method getFastLong should be able to parse all longs [MR #​2881](pgjdbc/pgjdbc#2881) - docs: Fix typos in info.html [MR #​2860](pgjdbc/pgjdbc#2860) - fix: Return correct default from PgDatabaseMetaData.getDefaultTransactionIsolation [MR #​2992](pgjdbc/pgjdbc#2992) fixes [Issue #​2991](pgjdbc/pgjdbc#2991) - test: fix assertion in RefCursorFetchTestultFetchSize rows - test: use try-with-resources in LogicalReplicationStatusTest </details> <details> <summary>liquibase/liquibase-hibernate</summary> ### [`v4.25.0`](https://github.com/liquibase/liquibase-hibernate/releases/tag/v4.25.0): Support for Liquibase Hibernate 6 Extension v4.25.0 [Compare Source](liquibase/liquibase-hibernate@v4.24.0...v4.25.0) #### Changes #### What's Changed - DAT-15993 - liquibase-hibernate using Liquibase Parent POM by [@​jandroav](https://github.com/jandroav) in liquibase/liquibase-hibernate#587 - Update README.md by [@​vivekBoii](https://github.com/vivekBoii) in liquibase/liquibase-hibernate#585 - Update pom.xml by [@​jandroav](https://github.com/jandroav) in liquibase/liquibase-hibernate#596 - chore(deps): bump liquibase/build-logic from 0.4.7 to 0.5.5 by [@​dependabot](https://github.com/dependabot) in liquibase/liquibase-hibernate#609 - Fixed a typo in ReadMe by [@​smty2018](https://github.com/smty2018) in liquibase/liquibase-hibernate#600 #### New Contributors - [@​vivekBoii](https://github.com/vivekBoii) made their first contribution in liquibase/liquibase-hibernate#585 - [@​smty2018](https://github.com/smty2018) made their first contribution in liquibase/liquibase-hibernate#600 - [@​sayaliM0412](https://github.com/sayaliM0412) made their first contribution in liquibase/liquibase-hibernate#618 **Full Changelog**: liquibase/liquibase-hibernate@v4.24.0...v4.25.0 </details> <details> <summary>liquibase/liquibase</summary> ### [`v4.25.0`](https://github.com/liquibase/liquibase/blob/HEAD/changelog.txt#Liquibase-4250-is-a-major-release) [Compare Source](liquibase/liquibase@v4.24.0...v4.25.0) </details> <details> <summary>vladmihalcea/hypersistence-utils</summary> ### [`v3.6.1`](https://github.com/vladmihalcea/hypersistence-utils/blob/HEAD/changelog.txt#Version-361---November-11-2023) \================================================================================ Export the testing mechanism [#​676](vladmihalcea/hypersistence-utils#676) </details> <details> <summary>hibernate/hibernate-orm</summary> ### [`v6.4.0.Final`](https://github.com/hibernate/hibernate-orm/blob/HEAD/changelog.txt#Changes-in-640Final-November-23-2023) [Compare Source](hibernate/hibernate-orm@6.3.2...6.4.0) https://hibernate.atlassian.net/projects/HHH/versions/32212 \*\* Bug \* \[HHH-17454] - SemanticException caused by type check when comparing generic path to parameter expression \* \[HHH-17428] - Parameter place holder should start from 1 in StandardTemporaryTableExporter \* \[HHH-17415] - NullPointerException: EntityValuedPathInterpretation - getNavigablePath() \* \[HHH-17412] - Type comparison error due to surprising javac method selection \* \[HHH-17411] - Fetch join on treated join leads to owner not selected error \* \[HHH-17386] - Type inference source is not reset for top level predicates \* \[HHH-17384] - OneToMany association with [@​NotFound](https://github.com/NotFound) results in SQL with different JOIN-type for SELECT (LEFT JOIN) and COUNT (JOIN) \* \[HHH-17383] - Association is null in lazy initialized element collection \* \[HHH-17382] - Dynamic instantiation leads to superclass fields not found when using injection \* \[HHH-17381] - fix wrong groupId in Compatibility.adoc \* \[HHH-17380] - Persisting an entity with a non generated id and [@​MapsId](https://github.com/MapsId) throws PropertyValueException \* \[HHH-17370] - ServiceException: Unable to create requested service \[org.hibernate.engine.jdbc.env.spi.JdbcEnvironment] due to: Cannot invoke "org.hibernate.resource.jdbc.spi.JdbcObserver.jdbcConnectionAcquisitionEnd(java.sql.Connection)" because "this.observer" is null \* \[HHH-17344] - DB2zDialect NullPointerException \* \[HHH-17328] - Retrieve entity using entity graph not adding type in the where clause for [@​Inheritance](https://github.com/Inheritance)(strategy = InheritanceType.SINGLE_TABLE) \* \[HHH-17313] - Session#setDefaultReadOnly is ignored by named queries \* \[HHH-17308] - AssertionError when mixing [@​SQLSelect](https://github.com/SQLSelect) and composite ID \* \[HHH-17299] - AssertionError in DiscriminatorPathInterpretation when treating a path with the same subtype \* \[HHH-17294] - Non-Embeddable JSON objects are not marked as dirty when modified \* \[HHH-17292] - MappedSuperclass with more than 1 subclass level leads to "UnknownPathException: Could not resolve attribute" \* \[HHH-17102] - [@​SqlResultSetMapping](https://github.com/SqlResultSetMapping) doesn’t work with [@​Inheritance](https://github.com/Inheritance)(strategy = InheritanceType.JOINED) \*\* Deprecation \* \[HHH-17441] - Deprecate [@​Comment](https://github.com/Comment) \*\* Improvement \* \[HHH-17425] - Introduce new configuration parameters for offline Dialect initialization \* \[HHH-17424] - Have Dialect manage more of ExtractedDatabaseMetadata \* \[HHH-17417] - Workaround Oracle driver issue to reduce connection creation \* \[HHH-17409] - Support offset without limit in AbstractSimpleLimitHandler and Oracle12LimitHandler \* \[HHH-17389] - Add getQueryHintString() for PostgreSQLDialect \* \[HHH-17372] - Endless recursion between default implementations of SelectionQuery.getResultStream() and SelectionQuery.stream() \* \[HHH-17355] - Smoothen rough edges with array functions \* \[HHH-17340] - Fix typos in javadoc \* \[HHH-17023] - Add support for Altibase dialect \* \[HHH-15074] - Allow partial composite id generation for EmbeddedId \*\* New Feature \* \[HHH-17357] - Support pgvector types and functions \* \[HHH-17210] - Expose custom JFR events \*\* Sub-task \* \[HHH-17347] - Support for JDK which do not support JFR events \*\* Task \* \[HHH-17390] - Change scope of AbstyractEntityInitializer#resolveInstance \* \[HHH-17367] - Add links to tutorials in documentation \* \[HHH-17362] - Define dependencies of hibernate-jpamodelgen as api \* \[HHH-17350] - Work on hibernate-models, XSD and JAXB ### [`v6.3.2.Final`](hibernate/hibernate-orm@6.3.1...6.3.2) [Compare Source](hibernate/hibernate-orm@6.3.1...6.3.2) </details> <details> <summary>Blazebit/blaze-persistence</summary> ### [`v1.6.10`](https://github.com/Blazebit/blaze-persistence/blob/HEAD/CHANGELOG.md#​1610) [Compare Source](Blazebit/blaze-persistence@1.6.9...1.6.10) 12/11/2023 - [Release tag](https://github.com/Blazebit/blaze-persistence/releases/tag/1.6.10) [Resolved issues](https://github.com/Blazebit/blaze-persistence/issues?q=is%3Aissue+milestone%3A1.6.10+is%3Aclosed+sort%3Aupdated-desc) ##### New features - Support JDK 21 - Add CockroachDB function registrations - Support Hibernate 6.3 and 6.4 - Special case limit 1 in correlation builders to support old MySQL and MariaDB versions ##### Bug fixes - Fix parsing error for entity view limit mapping - Fix dropping of embeddable group by expression when nested property has same name as parent property - Fix SQL generation for lateral subqueries when correlated path has `@Where` predicate - Fix `ConcurrentModificationException` during metamodel determination for special Hibernate Envers mappings - Clear `EntityViewManager` static fields in entity view implementations to avoid possible memory leak - Ignore `@Any` mapped attributes in enum type scanning - Fix NPE caused by wrong order by expression during criteria builder copying - Workaround Hibernate 6 returning null java type for enum parameters - Add Entity View type test values for more Java types ##### Backwards-incompatible changes None yet </details> <details> <summary>diffplug/spotless</summary> ### [`v2.41.0`](https://github.com/diffplug/spotless/blob/HEAD/CHANGES.md#​2410---2023-08-29) ##### Added - Add a `jsonPatch` step to `json` formatter configurations. This allows patching of JSON documents using [JSON Patches](https://jsonpatch.com). ([#​1753](diffplug/spotless#1753)) - Support GJF own import order. ([#​1780](diffplug/spotless#1780)) ##### Fixed - Use latest versions of popular style guides for `eslint` tests to fix failing `useEslintXoStandardRules` test. ([#​1761](diffplug/spotless#1761), [#​1756](diffplug/spotless#1756)) - Add support for `prettier` version `3.0.0` and newer. ([#​1760](diffplug/spotless#1760), [#​1751](diffplug/spotless#1751)) - Fix npm install calls when npm cache is not up-to-date. ([#​1760](diffplug/spotless#1760), [#​1750](diffplug/spotless#1750)) ##### Changes - Bump default `eslint` version to latest `8.31.0` -> `8.45.0` ([#​1761](diffplug/spotless#1761)) - Bump default `prettier` version to latest (v2) `2.8.1` -> `2.8.8`. ([#​1760](diffplug/spotless#1760)) - Bump default `greclipse` version to latest `4.27` -> `4.28`. ([#​1775](diffplug/spotless#1775)) </details> <details> <summary>quarkusio/quarkus</summary> ### [`v3.6.0`](quarkusio/quarkus@3.5.3...3.6.0) [Compare Source](quarkusio/quarkus@3.5.3...3.6.0) ### [`v3.5.3`](https://github.com/quarkusio/quarkus/releases/tag/3.5.3) [Compare Source](quarkusio/quarkus@3.5.2...3.5.3) ##### Complete changelog - [#​37215](quarkusio/quarkus#37215) - Use LinkedHashMap for parts map to ensure user input order - [#​37214](quarkusio/quarkus#37214) - MultipartFormDataOutput should use an ordered map instead of a HashMap - [#​37210](quarkusio/quarkus#37210) - \[3.5] Fix and adjust Quarkiverse extension template - [#​37209](quarkusio/quarkus#37209) - Build cache - Additional tweaks - [#​37206](quarkusio/quarkus#37206) - recognize quarkus.tls.trust-all property by keycloak-admin-client extension - [#​37174](quarkusio/quarkus#37174) - Ignore files coming from quarkus-ide-launcher jar - [#​37130](quarkusio/quarkus#37130) - Do not report unused deprecated runtime props with default value as used - [#​37102](quarkusio/quarkus#37102) - Fix filter per extension in dev ui - [#​37073](quarkusio/quarkus#37073) - Use 3.2 as the example stream for update-quarkus.adoc - [#​37072](quarkusio/quarkus#37072) - Deprecated runtime configuration properties with default value are reported even though never used - [#​37046](quarkusio/quarkus#37046) - Adjust Quarkiverse Antora doc templates a bit - [#​36961](quarkusio/quarkus#36961) - Fix GraphQL WebSocket handling occurring before authorization ### [`v3.5.2`](https://github.com/quarkusio/quarkus/releases/tag/3.5.2) [Compare Source](quarkusio/quarkus@3.5.1...3.5.2) ##### Complete changelog - [#​37120](quarkusio/quarkus#37120) - Bump Smallrye RM from 4.10.1 to 4.10.2 - [#​37104](quarkusio/quarkus#37104) - Make analytics tests more a bit more resilient - [#​37090](quarkusio/quarkus#37090) - Add the actual coordinates of the MySQL driver - [#​37070](quarkusio/quarkus#37070) - Security doc fix: Broken link and bad code snippet - [#​37069](quarkusio/quarkus#37069) - Tiny tweaks based on QE feedback for Datasource guide - [#​37068](quarkusio/quarkus#37068) - Updates infinispan client intelligence section - [#​37058](quarkusio/quarkus#37058) - Bump com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.15.3 - [#​37055](quarkusio/quarkus#37055) - Bump io.smallrye.config:smallrye-config-source-yaml from 3.4.1 to 3.4.4 in /devtools/gradle - [#​37038](quarkusio/quarkus#37038) - Disable CustomManifestArgumentsTest on Windows - [#​37032](quarkusio/quarkus#37032) - OpenAPI make sure basic auth auto detection work - [#​37028](quarkusio/quarkus#37028) - Fix typos in reactive-sql-clients.adoc - [#​37025](quarkusio/quarkus#37025) - Document how to log authentication failures for RESTEasy Reactive users migrating from the RESTEasy Classic - [#​37019](quarkusio/quarkus#37019) - Address CVE-2023-21971 present in MySQL connector - [#​37018](quarkusio/quarkus#37018) - Address CVE-2023-21971 present in MySQL connector - [#​37015](quarkusio/quarkus#37015) - Bump org.eclipse.parsson:parsson from 1.1.4 to 1.1.5 - [#​37010](quarkusio/quarkus#37010) - Fix vale errors and some warnings in the OIDC Configuration Properties reference guide - [#​37006](quarkusio/quarkus#37006) - Never register server specific providers in REST Client (fixed) - [#​37003](quarkusio/quarkus#37003) - Small adjustments for documentation related content - [#​37001](quarkusio/quarkus#37001) - Revert "Unblock SmallRye Health exposed routes" - [#​36991](quarkusio/quarkus#36991) - Upgrade es-module-shims to 1.8.1 - [#​36985](quarkusio/quarkus#36985) - Generate a file with relations between guides - [#​36983](quarkusio/quarkus#36983) - Fix discarded ObjectMapper configuration - [#​36981](quarkusio/quarkus#36981) - Updates to Infinispan 14.0.20.Final - [#​36968](quarkusio/quarkus#36968) - Send host.name in all spans - [#​36953](quarkusio/quarkus#36953) - Workaround quarkusio/quarkus#36952 alias jboss/jboss-parent-pom#236 jboss-parent:40 still manages jdk-misc, but does not define version.jdk-misc anymore - [#​36942](quarkusio/quarkus#36942) - Option TraceServiceLoaderFeature removed in GraalVM 23.1 - [#​36941](quarkusio/quarkus#36941) - Fix OTel Resource Attributes - [#​36924](quarkusio/quarkus#36924) - Add keywords and topics for hibernate-search-orm-elasticsearch.adoc - [#​36917](quarkusio/quarkus#36917) - Update SmallRye Config to 3.4.4 - [#​36914](quarkusio/quarkus#36914) - Reset databases/users for each Hibernate ORM tenancy test module - [#​36912](quarkusio/quarkus#36912) - Avoid `@TempDir` in RestClientCDIDelegateBuilderTest - [#​36884](quarkusio/quarkus#36884) - SmallRye Config property mapping mismatches from the property name in the generated config documentation - [#​36868](quarkusio/quarkus#36868) - Native binary generated using quarkus, graalvm and picocli trying to read from .env folder in working directory - [#​36856](quarkusio/quarkus#36856) - Lowercase env vars with hyphens are no picked up anymore in Quarkus 3.5.0 (e.g. in docker compose or Hashicorp Nomad) - [#​36850](quarkusio/quarkus#36850) - ObjectMapper configuration is discarded in resteasy-reactive-jackson's JsonFactory - [#​36847](quarkusio/quarkus#36847) - SmallRye Config error message suggests strange enum values when a bad value is passed - [#​36753](quarkusio/quarkus#36753) - Fix order of defaults recording - [#​36742](quarkusio/quarkus#36742) - DevUI resource error on main - [#​36711](quarkusio/quarkus#36711) - Disable Http2RSTFloodProtectionTest on Windows - [#​36578](quarkusio/quarkus#36578) - Maven CLI: add startWith matching into recipes detection - [#​36573](quarkusio/quarkus#36573) - Maven CLI: add wildcard matching into recipes detection - [#​36570](quarkusio/quarkus#36570) - Maven CLI: use recipes for platform extensions - [#​36568](quarkusio/quarkus#36568) - Maven CLI: use recipes for platform extensions - [#​36129](quarkusio/quarkus#36129) - auto-service-loader-registration fails with GraalVM CE 21+35.1 - [#​32049](quarkusio/quarkus#32049) - resteasy-reactive Interceptors don't get executed after Authorization failure - [#​31024](quarkusio/quarkus#31024) - Resteasy Reactive client tries to use ContainerResponseFilter </details> <details> <summary>quarkusio/quarkus-platform</summary> ### [`v3.5.3`](quarkusio/quarkus-platform@3.5.2...3.5.3) [Compare Source](quarkusio/quarkus-platform@3.5.2...3.5.3) ### [`v3.5.2`](quarkusio/quarkus-platform@3.5.1...3.5.2) [Compare Source](quarkusio/quarkus-platform@3.5.1...3.5.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
Describe the bug
When using quarkus-resteasy-reactive, Interceptors on the resource method are not executed when authorization has not passed (for instance due to use of @RolesAllowed). This is different from quarkus-resteasy, where such Interceptors do get executed.
Our use case for this is to log some additional information of the resource method. Example are annotations on the resource method.
Expected behavior
Interceptors get executed.
Actual behavior
Interceptors do not get executed.
How to Reproduce?
Please see attached reproducer.
I copied the @Logged interceptor example and slightly adjusted it. You can run the unit test to see it does not log anything from LoggedInterceptor on the endpoint with @RolesAllowed. Change the dependency from quarkus-resteasy-reactive to quarkus-resteasy and you will see the logging as expected.
reactive-interceptor.zip
Output of
uname -aorverLinux 5.4.0-144-generic
Output of
java -versionopenjdk version "17.0.6" 2023-01-17
GraalVM version (if different from Java)
No response
Quarkus version or git rev
2.16.4.Final
Build tool (ie. output of
mvnw --versionorgradlew --version)Apache Maven 3.6.3
Additional information
I'm not sure if this is intended behavior. However, it is most definitely a notable difference that is not mentioned on the migration page[1].
Similarly, I've found that also @ServerRequestFilter annotated methods and ContainerRequestFilter implementations do not get called. However, ContainerResponseFilter do get called. I have not checked @ServerResponseFilter.
[1]https://quarkus.io/guides/resteasy-reactive-migration
The text was updated successfully, but these errors were encountered: